Abstract

Synthesis is the automated construction of a system from its specification. The system has to satisfy its 
specification in all possible environments. Modern systems often interact with other systems, or agents. Many 
times these agents have objectives of their own, other than to fail the system. Thus, it makes sense to model 
system environments not as hostile, but as composed of rational agents; i.e., agents that act to achieve their 
own objectives.

We introduce the problem of synthesis in the context of rational agents (rational synthesis, for short). The 
input consists of a temporal-logic formula specifying the system and temporal-logic formulas specifying the 
objectives of the agents. The output is an implementation T of the system and a profile of strategies, suggesting 
a behavior for each of the agents. The output should satisfy two conditions. First, the composition of T with 
the strategy profile should satisfy the specification. Second, the strategy profile should be an equilibrium in the
sense that, in view of their objectives, agents have no incentive to deviate from the strategies assigned to them.
We solve the rational-synthesis problem for various definitions of equilibria studied in game theory. We also
consider the multi-valued case in which the objectives of the system and the agents are still temporal-logic
formulas, but involve payoffs from a finite lattice.

1 Introduction 

Synthesis is the automated construction of a system from its specification. The basic idea is simple and appealing: 
instead of developing a system and verifying that it adheres to its specification, we would like to have an automated 
procedure that, given a specification, constructs a system that is correct by construction. The first formulation of 
synthesis goes back to Church [10]; the modern approach to synthesis was initiated by Pnueli and Rosner, who
introduced LTL (linear temporal logic) synthesis [32]. In LTL synthesis, the specification is given in LTL and the
output is a reactive system modeled by a finite-state transducer. Much of today's research in formal verification
is aimed at increasing the practicality of automated synthesis, and it addresses challenges like simplification of
synthesis algorithms [19], compositionality and modularity [17, 23], extensions of the basic setting to richer ones
(cf. synthesis of distributed systems, concurrent systems, and on-line algorithms [25]), and extensions
of the underlying techniques to further applications (cf. automated control and repair [14, 33]).

In synthesis, there is a distinction between system outputs, controlled by the system, and system inputs, 
controlled by the environment. A system should be able to cope with all values of the input signals, while setting 
the output signals to desired values [32]. Therefore, the quantification structure on input and output signals is 
different. Input signals are universally quantified while output signals are existentially quantified. 

Modern systems often interact with other systems. For example, the clients interacting with a server are by 
themselves distinct entities (which we call agents) and are many times implemented by systems. In the traditional 
approach to synthesis, the way in which the environment is composed of its underlying agents is abstracted. In 
particular, the agents can be seen as if their only objective is to conspire to fail the system. Hence the term "hostile 
environment" that is traditionally used in the context of synthesis. In real life, however, many times agents have 
goals of their own, other than to fail the system. The approach taken in the field of algorithmic game theory [29]
is to assume that agents interacting with a computational system are rational, i.e., agents act to achieve their own
goals. Assuming agents' rationality is a restriction on the agents' behavior and is therefore equivalent to restricting
the universal quantification on the environment. Thus, the following question arises: can system synthesizers 
capitalize on the rationality and goals of agents interacting with the system? 

Consider for example a peer-to-peer network with only two agents. Each agent is interested in downloading 
infinitely often, but has no incentive to upload. In order, however, for one agent to download, the other agent 
must upload. More formally, for each $i \in \{0, 1\}$, Agent $i$ controls the bits $u_i$ ("Agent $i$ tries to upload") and $d_i$
("Agent $i$ tries to download"). The objective of Agent $i$ is always eventually ($d_i \wedge$ Assume that we are
asked to synthesize the protocol for Agent 0. It is not hard to see that the objective of Agent 0 depends on his input
signal, implying he cannot ensure his objective in the traditional synthesis sense. On the other hand, suppose that
Agent 0, who is aware of the objective of Agent 1, declares and follows the following TIT FOR TAT strategy: I will
upload at the first time step, and from that point onward I will reciprocate the actions of Agent 1. Formally, this
amounts to initially setting $u_0$ to True and for every time $k > 0$, setting $u_0$ at time $k$ to equal $u_1$ at time $k - 1$. It
is not hard to see that, against this strategy, Agent 1 can only ensure his objective by satisfying Agent 0's objective
as well. Thus, assuming Agent 1 acts rationally, Agent 0 can ensure his objective.
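
The tit-for-tat argument above, checked by brute force (an added example, not code from the paper). It assumes the objective of Agent i is "infinitely often, Agent i tries to download while the other agent uploads", restricts Agent 1 to two-state Moore machines that observe only the other agent's upload bit, and lets every named strategy always try to download; the machine encoding and the names TFT, ALWAYS_UPLOAD, NEVER_UPLOAD and free_riders are illustrative.

```python
from itertools import product

# A strategy is a Moore machine (init, out, nxt):
#   out[s]    -> (u, d): upload and download bits emitted in state s
#   nxt[s][b] -> next state after observing the other agent's upload bit b
TFT = (0,
       {0: (True, True), 1: (False, True)},
       {0: {True: 0, False: 1}, 1: {True: 0, False: 1}})
ALWAYS_UPLOAD = (0, {0: (True, True)}, {0: {True: 0, False: 0}})
NEVER_UPLOAD = (0, {0: (False, True)}, {0: {True: 0, False: 0}})


def outcome_loop(m0, m1):
    """Positions (u0, d0, u1, d1) on the cycle that the single play ends in.

    Both machines are deterministic, so the profile fixes one play; it is
    ultimately periodic because the joint state space is finite.
    """
    s0, s1 = m0[0], m1[0]
    seen, trace = {}, []
    while (s0, s1) not in seen:
        seen[(s0, s1)] = len(trace)
        (u0, d0), (u1, d1) = m0[1][s0], m1[1][s1]
        trace.append((u0, d0, u1, d1))
        # Concurrent moves: each agent reacts to the other's current upload bit.
        s0, s1 = m0[2][s0][u1], m1[2][s1][u0]
    return trace[seen[(s0, s1)]:]


def objectives(m0, m1):
    """(objective of Agent 0 holds, objective of Agent 1 holds) on the outcome.

    "Always eventually p" holds on an ultimately periodic play exactly when
    p holds somewhere on its cycle.
    """
    loop = outcome_loop(m0, m1)
    obj0 = any(d0 and u1 for (u0, d0, u1, d1) in loop)
    obj1 = any(d1 and u0 for (u0, d0, u1, d1) in loop)
    return obj0, obj1


def two_state_machines():
    """All 256 two-state Moore machines for Agent 1 (initial state 0)."""
    bits = list(product((False, True), repeat=2))
    for o0, o1 in product(bits, repeat=2):
        for a, b, c, d in product((0, 1), repeat=4):
            yield (0, {0: o0, 1: o1},
                   {0: {False: a, True: b}, 1: {False: c, True: d}})


def free_riders(system):
    """Agent 1 machines that meet Agent 1's objective while Agent 0's fails."""
    return [m for m in two_state_machines()
            if objectives(system, m) == (False, True)]


if __name__ == "__main__":
    print("TFT vs TFT:", objectives(TFT, TFT))
    print("TFT vs never-upload:", objectives(TFT, NEVER_UPLOAD))
    print("free riders against TFT:", len(free_riders(TFT)))
    print("free riders against always-upload:", len(free_riders(ALWAYS_UPLOAD)))
```

Against tit-for-tat no enumerated machine achieves Agent 1's objective without also achieving Agent 0's, whereas an unconditional uploader can be exploited.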

The example above demonstrates that a synthesizer can capitalize on the rationality of the agents that constitute 
its environment. When synthesizing a protocol for rational agents, we still have no control on their actions. We 
would like, however, to generate a strategy for each agent (a strategy profile) such that once the strategy profile 
is given to the agents, then a rational agent would have no incentive to deviate from the strategy suggested to 
him and would follow it. Such a strategy profile is called in game theory a solution to the game. Accordingly, the 
rational synthesis problem gets as input temporal-logic formulas specifying the objective $\varphi_0$ of the system and the
objectives $\varphi_1, \ldots, \varphi_n$ of the agents that constitute the environment. The desired output is a system and a strategy
profile for the agents such that the following hold. First, if all agents adhere to their strategies, then the result of
the interaction of the system and the agents satisfies $\varphi_0$. Second, once the system is in place, and the agents are
playing a game among themselves, the strategy profile is a solution to this game.

A well known solution concept is Nash equilibrium [27]. A strategy profile is in Nash equilibrium if no 
agent has an incentive to deviate from his assigned strategy, provided that the other agents adhere to the strategies 
assigned to them. For example, if the TIT FOR TAT strategy for Agent 0 is suggested to both agents, then the pair
of strategies is a Nash equilibrium. Indeed, for all $i \in \{0, 1\}$, if Agent $i$ assumes that Agent $1 - i$ adheres to
his strategy, then by following the strategy, Agent $i$ knows that his objective would be satisfied, and he has no
incentive to deviate from it. The stability of a Nash equilibrium depends on the players' assumption that the other
players adhere to the strategy. In some cases this is a reasonable assumption. Consider, for example, a standard 
protocol published by some known authority such as IEEE. When a programmer writes a program implementing 
the standard, he tends to assume that his program is going to interact with other programs that implement the 
same standard. If the published standard is a Nash equilibrium, then there is no incentive to write a program 
that diverts from the standard. Game theory suggests several solution concepts, all capturing the idea that the 
participating agents have no incentive to deviate from the protocol (or strategy) assigned to them. We consider 
three well-studied solution concepts [29]: dominant-strategies solution, Nash equilibrium, and subgame-perfect
Nash equilibrium. 

An important facet in the task of a rational synthesizer is to synthesize a system such that once it is in place, 
the game played by the agents has a solution with a favorable outcome. Mechanism design, studied in game theory 
and economics [28, 29], is the study of designing a game whose outcome (assuming players' rationality) achieves
some goal. Rational synthesis can be viewed as a variant of mechanism design in which the game is induced by 
the objective of the system, and the objectives of both the system and the agents refer to their on-going interaction 
and are specified by temporal-logic formulas. 

Having defined rational synthesis, we turn to solve it. In [7], the authors introduced strategy logic - an
extension of temporal logic with first order quantification over strategies. The rich structure of strategy logic
enables it to specify properties like the existence of a Nash equilibrium. While [7] does not consider the synthesis
problem, the technique suggested there can be used in order to solve the rational-synthesis problem for Nash
equilibrium and dominant strategies. Strategy logic, however, is not sufficiently expressive in order to specify
subgame-perfect Nash equilibrium [35] which, as advocated in [37] (see also Section 3), is the most suited for
infinite multiplayer games — those induced by rational synthesis. The weakness of strategy logic is its inability to 
quantify over game histories. We extend strategy logic with history variables, and show that the extended logic is 
sufficiently expressive to express rational synthesis for the three solution concepts we study. Technically, adding 
history variables to strategy logic results in a memoryful logic [21], in which temporal logic formulas have to be
evaluated not along paths that start at the present, but along paths that start at the root and go through the present. 

Classical applications of game theory consider games with real-valued payoffs. For example, agents may bid
on goods or grade candidates. In the peer-to-peer network example, one may want to refer to the amount of data
uploaded by each agent, or one may want to add the possibility of pricing downloads. The full quantitative setting
is undecidable already in the context of model checking [3]. Yet, several special cases for which the problem is
decidable have been studied [4]. We can distinguish between cases in which decidability is achieved by restricting
the type of systems [3], and cases in which it is achieved by restricting the domain of values [13]. We solve the
quantitative rational synthesis problem for the case the domain of values is a finite distributive De Morgan lattice.
The lattice setting is a good starting point to the quantitative setting. First, lattices have been successfully handled
for easier problems, and in particular, multi-valued synthesis [15, 16]. In addition, lattices are sufficiently rich to
express interesting quantitative properties. This is sometimes immediate (for example, in the peer-to-peer network,
one can refer to the different attributions of the communication channels, giving rise to the lattice of the subsets 
of the attributions), and sometimes thanks to the fact that real values can often be abstracted to finite linear orders. 
From a technical point of view, our contribution here is a solution of a latticed game in which the value of the 
game cannot be obtained by joining values obtained by different strategies, which is unacceptable in synthesis. 

1.1 Related Work 

Already early work on synthesis has realized that working with a hostile environment is often too restrictive. The 
way to address this point, however, has been by adding assumptions on the environment, which can be part of 
the specification (c.f., 0). The first to consider the game-theoretic approach to dealing with rationality of the
environment in the context of LTL synthesis were Chatterjee and Henzinger [8]. The setting in [8], however,
is quite restricted; it considers exactly three players, where the third player is a fair scheduler, and the notion of
secure equilibria [6]. Secure equilibria, introduced in [6], is a Nash equilibrium in which each of the two players
prefers outcomes in which only his objective is achieved over outcomes in which both objectives are achieved, 
which he still prefers over outcomes in which his objective is not achieved. It is not clear how this notion can be 
extended to multiplayer games, and to the distinction we make here between controllable agents that induce the 
game (the system) and rational agents (the environment). Also, the set of solution concepts we consider is richer. 

Ummels [37] was the first to consider subgame perfect equilibria in the context of infinite multiplayer games.
The setting there is of turn-based games and the solution goes via a reduction to 2-player games. Here, we consider
concurrent games and therefore cannot use such a reduction. Another difference is that [37] considers parity
winning conditions whereas we use LTL objectives. In addition, the fact that the input to the rational synthesis 
problem does not include a game makes the memoryful nature of subgame perfect equilibria more challenging, as 
we cannot easily reduce the LTL formulas to memoryless parity games. 

To the best of our knowledge, we are the first to handle the multi-valued setting. As we show, while the lattice 
case is decidable, its handling required a nontrivial extension of both the Boolean setting and the algorithms 
known for solving latticed games [16].

2 Preliminaries 

We consider infinite concurrent multiplayer games (in short, games) defined as follows. A game arena is a tuple
$\mathcal{G} = (V, v_0, I, (\Sigma_i)_{i \in I}, (\Gamma_i)_{i \in I}, \delta)$, where $V$ is a set of nodes, $v_0$ is an initial node, $I$ is a set of players, and for
$i \in I$, the set $\Sigma_i$ is the set of actions of Player $i$ and $\Gamma_i : V \to 2^{\Sigma_i}$ specifies the actions that Player $i$ can take
at each node. Let $I = \{1, \ldots, n\}$. Then, the transition relation $\delta : V \times \Sigma_1 \times \cdots \times \Sigma_n \to V$ is a deterministic
function mapping the current node and the current choices of the agents to the successor node. The transition
function may be restricted to its relevant domain. Thus, $\delta(v, \sigma_1, \ldots, \sigma_n)$ is defined for $v \in V$ and
$(\sigma_1, \ldots, \sigma_n) \in \Gamma_1(v) \times \cdots \times \Gamma_n(v)$.

A position in the game is a tuple $(v, \sigma_1, \sigma_2, \ldots, \sigma_n)$ with $v \in V$ and $\sigma_i \in \Gamma_i(v)$ for every $i \in I$. Thus, a
position describes a state along with possible choices of actions for the players in this state. Consider a sequence
$p = p_0 \cdot p_1 \cdot p_2 \cdots$ of positions. For $k \geq 0$, we use $\mathit{node}(p_k)$ to denote the state component of $p_k$, and use $p_k[i]$, for
$i \in I$, to denote the action of Player $i$ in $p_k$. The notations extend to $p$ in the straightforward way. Thus, $\mathit{node}(p)$ is
the projection of $p$ on the first component. We say that $p$ is a play if the transitions between positions are consistent
with $\delta$. Formally, $p$ is a play starting at node $v$ if $\mathit{node}(p_0) = v$ and for all $k \geq 0$, we have $\mathit{node}(p_{k+1}) = \delta(p_k)$.
We use $\mathcal{P}_{\mathcal{G}}$ (or simply $\mathcal{P}$ when $\mathcal{G}$ is clear from the context) to denote all possible plays of $\mathcal{G}$.

Note that at every node $v \in V$, each player $i$ chooses an action $\sigma_i \in \Gamma_i(v)$ simultaneously and independently
of the other players. The game then proceeds to the successor node $\delta(v, \sigma_1, \ldots, \sigma_n)$. A strategy for Player $i$
is a function $\pi_i : V^+ \to \Sigma_i$ that maps histories of the game to an action suggested to Player $i$. The suggestion
has to be consistent with $\Gamma_i$. Thus, for every $v_0 v_1 \cdots v_k \in V^+$ we have $\pi_i(v_0 v_1 \cdots v_k) \in \Gamma_i(v_k)$. Let $\Pi_i$ denote
the set of possible strategies for Player $i$. For a set of players $I = \{1, \ldots, n\}$, a strategy profile is a tuple
of strategies $(\pi_1, \pi_2, \ldots, \pi_n) \in \Pi_1 \times \Pi_2 \times \cdots \times \Pi_n$. We denote the strategy profile by $(\pi_i)_{i \in I}$ (or simply $\pi$,
when $I$ is clear from the context). We say that $p$ is an outcome of the profile $\pi$ if for all $k \geq 0$ and $i \in I$, we
have $p_k[i] = \pi_i(\mathit{node}(p_0) \cdot \mathit{node}(p_1) \cdots \mathit{node}(p_k))$. Thus, $p$ is an outcome of $\pi$ if all the players adhere to their
strategies in $\pi$. Note that since $\delta$ is deterministic, $\pi$ fixes a single play from each state of the game. Given a profile
$\pi$ we denote by $\mathit{outcome}(\pi)^{\mathcal{G}}$ (or simply $\mathit{outcome}(\pi)$) the one play in $\mathcal{G}$ that is the outcome of $\pi$ when starting
in $v_0$. Given a strategy profile $\pi$ and a nonempty sequence of nodes $h = v_0 v_1 \ldots v_k$, we define the shift of $\pi$ by
$h$ as the strategy profile $(\pi_i^h)_{i \in I}$ in which for all $i \in I$ and all histories $w \in V^*$, we have $\pi_i^h(w) = \pi_i(h \cdot w)$.
We denote by $\mathit{outcome}(\pi)_h^{\mathcal{G}}$ (or simply $\mathit{outcome}(\pi)_h$) the concatenation of $v_0 v_1 \ldots v_{k-1}$ with the one play in
$\mathcal{G}$ that is the outcome of $\pi^h$ when starting in $v_k$. Thus, $\mathit{outcome}(\pi)_h$ describes the outcome of a game that
has somehow found itself with history $h$, and from that point, the players behave as if the history had been $h$.
Given a profile $(\pi_i)_{i \in I}$, an index $j \in I$, and a strategy $\pi'_j$ for Player $j$, we use $(\pi_{-j}, \pi'_j)$ to refer to the profile
of strategies in which the strategy for all players but $j$ is as in $\pi$, and the strategy for Player $j$ is $\pi'_j$. Thus,
$(\pi_{-j}, \pi'_j) = (\pi_1, \pi_2, \ldots, \pi_{j-1}, \pi'_j, \pi_{j+1}, \ldots, \pi_n)$.

3 Rational Synthesis 

In this section we define the problem of rational synthesis. We work with the following model: the world consists 
of the system and a set of n agents Agent 1, . . . , Agent n. For uniformity we refer to the system as Agent 0. We 
assume that Agent $i$ controls a set $X_i$ of variables, and the different sets are pairwise disjoint. At each point in
time, each agent sets his variables to certain values. Thus, an action of Agent $i$ amounts to assigning values to his
variables. Accordingly, the set of actions of Agent $i$ is given by $2^{X_i}$. We use $X$ to denote $\bigcup_{0 \leq i \leq n} X_i$. We use $X_{-i}$
to denote $X \setminus X_i$ for $0 \leq i \leq n$. Each of the agents (including the system) has an objective. The objective of an
agent is formulated using a linear temporal logic formula (LTL) over the set of variables of all agents.² We
use $\varphi_i$ to denote the objective of Agent $i$.

This setting induces the game arena $\mathcal{G} = (V, v_0, I, (\Sigma_i)_{i \in I}, (\Gamma_i)_{i \in I}, \delta)$ defined as follows. The set of players
$I = \{0, 1, \ldots, n\}$ consists of the system and the agents. The moves of agent $i$ are all the possible assignments to
its variables. Thus, $\Sigma_i = 2^{X_i}$. We use $\Sigma$, $\Sigma_i$, and $\Sigma_{-i}$ to denote the sets $2^X$, $2^{X_i}$, and $2^{X_{-i}}$, respectively. An agent
can set his variables as he wishes throughout the game. Thus $\Gamma_i(v) = \Sigma_i$ for every $v \in V$. The game records in
its vertices all the actions taken by the agents so far. Hence, $V = \Sigma^*$ and for all $v \in \Sigma^*$ and $(\sigma_0, \ldots, \sigma_n) \in \Sigma$, we
have $\delta(v, \sigma_0, \ldots, \sigma_n) = v \cdot (\sigma_0, \ldots, \sigma_n)$.

At each moment in time, the system gets as input an assignment in $\Sigma_{-0}$ and it generates as output an assignment
in $\Sigma_0$. For every possible history $h \in (\Sigma_{-0} \cup \Sigma_0)^*$ the system should decide what $\sigma_0 \in \Sigma_0$ it outputs
next. Thus, a strategy for the system is a function $\pi_0 : \Sigma^* \to \Sigma_0$ (recall that $\Sigma = \Sigma_{-0} \cup \Sigma_0$ and note that indeed
$V^+ = \Sigma^*$). In the standard synthesis problem, we say that $\pi_0$ realizes $\varphi_0$ if all the computations that $\pi_0$ generates
satisfy $\varphi_0$. In rational synthesis, on the other hand, we also generate strategies for the other agents, and the single
computation that is the outcome of all the strategies should satisfy $\varphi_0$. That is, we require $\mathit{outcome}(\pi)^{\mathcal{G}} \models \varphi_0$
where Q is as defined above. In addition, we should generate the strategies for the other agents in a way that would 
guarantee that they indeed adhere to their strategies. 

Recall that while we control the system, we have no control on the behaviors of Agent 1, . . . , Agent $n$. Let
$\pi_0 : \Sigma^* \to \Sigma_0$ be a strategy for the system in $\mathcal{G}$. Then, $\pi_0$ induces the game $\mathcal{G}_{\pi_0} = (\Sigma^*, \epsilon, I, (\Sigma_i)_{i \in I}, (\Gamma'_i)_{i \in I}, \delta)$,
where for $i \in I \setminus \{0\}$, we have $\Gamma'_i = \Gamma_i$, and $\Gamma'_0(w) = \{\pi_0(w_{-0})\}$, where $w_{-0}$ is obtained from $w$ by projecting
its letters on $\Sigma_{-0}$. Recall that $\delta$ is restricted to the relevant domain. Thus, as $\Gamma'_0$ is deterministic, we can
regard $\mathcal{G}_{\pi_0}$ as an $n$-player (rather than $n+1$-player) game. Note that $\mathcal{G}_{\pi_0}$ contains all the possible behaviors of
Agent 1, . . . , Agent $n$, when the system adheres to $\pi_0$.

2 We could have worked with any other $\omega$-regular formalism for specifying the objectives. We chose LTL for simplicity of the
presentation.

Definition 3.1 (Rational Synthesis) Consider a solution concept $\gamma$. The problem of rational synthesis (with solution
concept $\gamma$) is to return, given LTL formulas $\varphi_0, \varphi_1, \ldots, \varphi_n$, specifying the objectives of the system and the
agents constituting its environment, a strategy profile $\pi = (\pi_0, \pi_1, \ldots, \pi_n) \in \Pi_0 \times \Pi_1 \times \cdots \times \Pi_n$ such that both
(a) $\mathit{outcome}(\pi)^{\mathcal{G}} \models \varphi_0$ and (b) the strategy profile $(\pi_1, \ldots, \pi_n)$ is a solution in the game $\mathcal{G}_{\pi_0}$ with respect to the
solution concept $\gamma$.

The rational-synthesis problem gets a solution concept as a parameter. As discussed in Section 1, the fact that
$(\pi_1, \ldots, \pi_n)$ is a solution with respect to the concept guarantees that it is not worthwhile for the agents constituting
the environment to deviate from the strategies assigned to them. Several solution concepts are studied and
motivated in game theory. We focus on three leading concepts, and we first recall their definitions and motivations
in game theory. The common setting in game theory is that the objective for each player is to maximize his payoff
- a real number that is a function of the play. We use $\mathit{payoff}_i : \mathcal{P} \to \mathbb{R}$ to denote the payoff function of player
$i$. That is, $\mathit{payoff}_i$ assigns to each possible play $p$ a real number $\mathit{payoff}_i(p)$ expressing the payoff of $i$ on $p$. For a
strategy profile $\pi$ we use (with a slight abuse of notation) $\mathit{payoff}_i(\pi)$ to abbreviate $\mathit{payoff}_i(\mathit{outcome}(\pi))$.

The simplest and most appealing solution concept is dominant-strategies solution. A dominant strategy is a 
strategy that a player can never lose by adhering to, regardless of the strategies of the other players. Therefore, if 
there is a profile of strategies $\pi$ in which all strategies $\pi_i$ are dominant, then no player has an incentive to deviate
from the strategy assigned to him in $\pi$. Formally, $\pi$ is a dominant strategy profile if for every $1 \leq i \leq n$ and for
every profile $\pi'$ with $\pi'_i \neq \pi_i$, we have that $\mathit{payoff}_i(\pi') \leq \mathit{payoff}_i(\pi'_{-i}, \pi_i)$. Consider, for example, a game played
by three players: Alice, Bob and Charlie whose actions are $\{a_1, a_2\}$, $\{b_1, b_2\}$ and $\{c_1, c_2\}$, respectively. The game
is played on the game arena depicted in the left of Figure 1. The labels on the edges are marked by the possible
action moves. Each player wants to visit infinitely often a node marked by his initial letter. In this game, Bob's
strategy of choosing $b_1$ from Node 2 is a dominant strategy. All of the strategies of Charlie are dominating. Alice,
though, has no dominating strategy. Unfortunately, in many games some agents do not have dominant strategies, 
thus no dominant-strategy solution exists. Naturally, if no dominant strategy solution exists, one would still like 
to consider other solution concepts. 

Another well known solution concept is Nash equilibrium [27]. A strategy profile is Nash equilibrium if no 
player has an incentive to deviate from his strategy in it provided he assumes the other players adhere to the 
strategies assigned to them in $\pi$. Formally, $\pi$ is a Nash equilibrium profile if for every $1 \leq i \leq n$ and for every
strategy $\pi'_i \neq \pi_i$, we have that $\mathit{payoff}_i(\pi_{-i}, \pi'_i) \leq \mathit{payoff}_i(\pi)$. For example, the strategy profile depicted in the
middle of Figure 1 by dotted edges is a Nash equilibrium of the game to its left. Knowing the strategy of the other
players, each player cannot gain by deviating from his strategy. 

An important advantage of Nash equilibrium is that a Nash equilibrium exists in almost every game [30].³ A
weakness of Nash equilibrium is that it is not nearly as stable as a dominant-strategy solution: if one of the other 
players deviates from his assigned strategy, nothing is guaranteed. 

Nash equilibrium is suited to a type of games in which the players make all their decisions without knowledge 
of other players' choices. The type of games considered in rational synthesis, however, are different, as players do
have knowledge about the choices of the other players in earlier rounds of the game. To see the problem that this
setting poses for Nash equilibrium, let us consider the ULTIMATUM game. In ULTIMATUM, Player 1 chooses a
value $x \in [0, 1]$, and then Player 2 chooses whether to accept the choice, in which case the payoff of Player 1 is
$x$ and the payoff of Player 2 is $1 - x$, or to reject the choice, in which case the payoff of both players is 0. One
Nash equilibrium in ULTIMATUM is $\pi = (\pi_1, \pi_2)$ in which $\pi_1$ advises Player 1 to always choose $x = 1$ and $\pi_2$
advises Player 2 to always reject. It is not hard to see that $\pi$ is indeed a Nash equilibrium. In particular, if Player 2
assumes that Player 1 follows $\pi_1$, he has no incentive to deviate from $\pi_2$. Still, the equilibrium is unstable. The
reason is that $\pi_2$ is inherently not credible. If Player 1 chooses $x$ smaller than 1, it is irrational for Player 2 to
reject, and Player 1 has no reason to assume that Player 2 adheres to $\pi_2$. This instability of a Nash equilibrium is
especially true in a setting in which the players have information about the choices made by the other players. In
particular, in ULTIMATUM, Player 1 knows that Player 2 would make his choice after knowing what $x$ is.

3 In particular, all $n$-player turn-based games with $\omega$-regular objectives have Nash equilibrium [5].



To see this problem in the setting of infinite games, consider the strategy profile depicted in the right of 
Figure 1 by dashed edges. This profile is also a Nash equilibrium of the game in the left of the figure. It is,
however, not very rational. The reason is that if Alice deviates from her strategy by choosing $a_2$ rather than $a_1$
then it is irrational for Bob to stick to his strategy. Indeed, if he sticks to his strategy he does not meet his objective,
yet if he deviates and chooses $b_1$ he does meet his objective.

This instability of Nash equilibrium has been addressed in the definition of subgame-perfect equilibrium [35].
A strategy profile $\pi$ is in subgame-perfect equilibrium (SPE) if for every possible history of the game, no player
has an incentive to deviate from his strategy in $\pi$ provided he assumes the other players adhere to the strategies
assigned to them in $\pi$. Formally, $\pi$ is an SPE profile if for every possible history $h$ of the game, player $1 \leq i \leq n$,
and strategy $\pi'_i \neq \pi_i$, we have that $\mathit{payoff}_i(\pi_{-i}, \pi'_i)_h \leq \mathit{payoff}_i(\pi)_h$. The dotted strategy depicted in the middle of
Figure 1 is a subgame-perfect equilibrium. Indeed, it is a Nash equilibrium from every possible node of the arena,
including non-reachable ones. 
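
The ULTIMATUM profile discussed above, checked against both definitions (an added example, not code from the paper). The interval [0, 1] is replaced by a constructed five-point grid so that all strategies of Player 2 can be enumerated, and the function names are illustrative.

```python
from fractions import Fraction
from itertools import product

# Constructed grid standing in for the interval [0, 1] of the text.
OFFERS = [Fraction(k, 4) for k in range(5)]
ACCEPT, REJECT = "accept", "reject"


def payoffs(x, reply):
    """(payoff of Player 1, payoff of Player 2) once Player 2 has replied to x."""
    return (x, 1 - x) if reply == ACCEPT else (Fraction(0), Fraction(0))


def player2_strategies():
    """A strategy of Player 2 fixes a reply for every history, i.e. every x."""
    for replies in product((ACCEPT, REJECT), repeat=len(OFFERS)):
        yield dict(zip(OFFERS, replies))


def outcome(x, pi2):
    """Payoffs of the single play fixed by the profile (x, pi2)."""
    return payoffs(x, pi2[x])


def is_nash(x, pi2):
    """No unilateral deviation from the initial node pays off."""
    u1, u2 = outcome(x, pi2)
    if any(outcome(dev, pi2)[0] > u1 for dev in OFFERS):
        return False
    return not any(outcome(x, dev)[1] > u2 for dev in player2_strategies())


def is_spe(x, pi2):
    """Nash from the empty history and from every history x, reached or not."""
    if not is_nash(x, pi2):
        return False
    for h in OFFERS:  # after history h only Player 2 still has a move
        u2 = payoffs(h, pi2[h])[1]
        if any(payoffs(h, reply)[1] > u2 for reply in (ACCEPT, REJECT)):
            return False
    return True


def equilibria():
    """All Nash profiles and all subgame-perfect profiles on the grid."""
    profiles = [(x, pi2) for x in OFFERS for pi2 in player2_strategies()]
    nash = [p for p in profiles if is_nash(*p)]
    spe = [p for p in profiles if is_spe(*p)]
    return nash, spe


if __name__ == "__main__":
    always_reject = {x: REJECT for x in OFFERS}
    print("x = 1, always reject: Nash", is_nash(Fraction(1), always_reject),
          "SPE", is_spe(Fraction(1), always_reject))
    nash, spe = equilibria()
    print(len(nash), "Nash profiles,", len(spe), "subgame-perfect")
```

On this grid only two profiles pass the subgame-perfect check, and in both of them Player 2 accepts every x smaller than 1.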

In the context of on-going behaviors, real-valued payoffs are a big challenge and most works on reactive 
systems use Boolean temporal-logic as a specification language. Below we adjust the definition of the three 
solution concepts to the case the objectives are LTL formulas.⁴ Essentially, the adjustment is done by assuming
the following simple payoffs: If the objective $\varphi_i$ of Agent $i$ holds, then his payoff is 1; otherwise his payoff is 0.
The induced solution concepts are then as follows. Consider a strategy profile $\pi = (\pi_1, \ldots, \pi_n)$.

• We say that $\pi$ is a dominant strategy profile if for every $1 \leq i \leq n$ and profile $\pi'$ with $\pi'_i \neq \pi_i$, if
$\mathit{outcome}(\pi') \models \varphi_i$, then $\mathit{outcome}(\pi'_{-i}, \pi_i) \models \varphi_i$.

• We say that $\pi$ is a Nash equilibrium profile if for every $1 \leq i \leq n$ and profile $\pi'$ with $\pi'_i \neq \pi_i$, if
$\mathit{outcome}(\pi_{-i}, \pi'_i) \models \varphi_i$, then $\mathit{outcome}(\pi) \models \varphi_i$.

• We say that $\pi$ is a subgame-perfect equilibrium profile if for every history $h \in \Sigma^*$, $1 \leq i \leq n$, and profile
$\pi'$ with $\pi'_i \neq \pi_i$, if $\mathit{outcome}(\pi_{-i}, \pi'_i)_h \models \varphi_i$, then $\mathit{outcome}(\pi)_h \models \varphi_i$.

4 Solution in the Boolean Setting 

In this section we solve the rational-synthesis problem. Let I = {0, 1, . . . , n} denote the set of agents. Recall that 
$\Sigma_i = 2^{X_i}$ and $\Sigma = 2^X$, where $X = \bigcup_{i \in I} X_i$, and that the partition of the variables among the agents induces a
game arena with states in $\Sigma^*$. Expressing rational synthesis involves properties of strategies and histories. Strategy
Logic [7] is a logic that treats strategies in games as explicit first-order objects. Given an LTL formula $\psi$ and
strategy variables $z_0, \ldots, z_n$ ranging over strategies of the agents, the strategy logic formula $\psi(z_0, \ldots, z_n)$ states
that $\psi$ holds in the outcome of the game in which Agent $i$ adheres to the strategy $z_i$. The use of existential and
universal quantifiers on strategy variables enables strategy logic to state that a given profile consists of dominant
strategies or is a Nash equilibrium. However, strategy logic is not strong enough to state the existence of a subgame
perfect equilibrium. The reason is that a formula $\psi(z_0, \ldots, z_n)$ in strategy logic assumes that the strategies $z_0, \ldots,$
$z_n$ are computed from the initial vertex of the game, and it cannot refer to histories that diverge from the strategies.
We therefore extend strategy logic with first order variables that range over arbitrary histories of the game. 

4.1 Extended Strategy Logic 

Formulas of Extended Strategy Logic (ESL) are defined with respect to a game $\mathcal{G} = (V, v_0, I, (\Sigma_i)_{i \in I}, (\Gamma_i)_{i \in I}, \delta)$,
a set $H$ of history variables, and sets $Z_i$ of strategy variables for $i \in I$. Let $I = \{0, \ldots, n\}$, $\Sigma = \Sigma_0 \times \cdots \times \Sigma_n$,
and let $\psi$ be an LTL formula over $\Sigma$. Let $h$ be a history variable in $H$, and let $z_0, \ldots, z_n$ be strategy variables in
$Z_0, \ldots, Z_n$, respectively. We use $z$ as an abbreviation for $z_0, \ldots, z_n$. The set of ESL formulas is defined inductively
as follows.⁵

$\Psi ::= \psi(z) \mid \psi(z; h) \mid \Psi \vee \Psi \mid \neg\Psi \mid \exists z_i.\Psi \mid \exists h.\Psi$

4 In Section 5 we make a step towards generalizing the framework to the multi-valued setting and consider the case the payoffs are
taken from a finite distributive lattice.

5 We note that strategy logic as defined in [7] allows the application of LTL path operators ($\bigcirc$ and $\mathcal{U}$) on strategy logic closed formulas.
Since we could not come up with a meaningful specification that uses such applications, we chose to ease the presentation and do not allow
them in ESL. Technically, it is easy to extend ESL and allow such applications.



We use the usual abbreviations $\wedge$, $\rightarrow$, and $\forall$. We denote by $\mathit{free}(\Psi)$ the set of strategy and history variables that
are free (not in a scope of a quantifier) in $\Psi$. A formula $\Psi$ is closed if $\mathit{free}(\Psi) = \emptyset$. The alternation depth of
a variable of a closed formula is the number of quantifier switches ($\exists\forall$ or $\forall\exists$, in case the formula is in positive
normal form) that bind the variable. The alternation depth of closed formula $\Psi$ is the maximum alternation depth
of a variable occurring in the formula.

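We now define the semantics of ESL. Intuitively, an ESL formula of the form $\psi(z; h)$ is interpreted over the
game whose prefix matches the history $h$ and the suffix starting where $h$ ends is the outcome of the game that
starts at the last vertex of $h$ and along which each agent $i \in I$ adheres to his strategy in $z$. Let $\mathcal{X} \subseteq H \cup \bigcup_{i \in I} Z_i$
be a set of variables. An assignment $\mathcal{A}_{\mathcal{X}}$ assigns to every history variable $h \in \mathcal{X} \cap H$ a history $\mathcal{A}_{\mathcal{X}}(h) \in V^+$ and
assigns to every strategy variable $z_i \in \mathcal{X} \cap Z_i$ a strategy $\mathcal{A}_{\mathcal{X}}(z_i) \in \Pi_i$. Given an assignment $\mathcal{A}_{\mathcal{X}}$ and a strategy
$\pi_i \in \Pi_i$, we denote by $\mathcal{A}_{\mathcal{X}}[z_i \leftarrow \pi_i]$ the assignment $\mathcal{A}'_{\mathcal{X} \cup \{z_i\}}$ in which $\mathcal{A}'_{\mathcal{X} \cup \{z_i\}}(z_i) = \pi_i$ and for a variable $x \neq z_i$
we have $\mathcal{A}'_{\mathcal{X} \cup \{z_i\}}(x) = \mathcal{A}_{\mathcal{X}}(x)$. For histories of the game $w \in V^+$ we define $\mathcal{A}_{\mathcal{X}}[h \leftarrow w]$ similarly.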

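We now describe when a given game $\mathcal{G}$ and a given assignment $\mathcal{A}_{\mathcal{X}}$ satisfy an ESL formula $\Psi$, where $\mathcal{X}$ is
such that $\mathit{free}(\Psi) \subseteq \mathcal{X}$. For LTL, the semantics is as usual [24].

$(\mathcal{G}, \mathcal{A}_{\mathcal{X}}) \models \psi(z)$ iff $\mathit{outcome}(\mathcal{A}_{\mathcal{X}}(z))^{\mathcal{G}} \models \psi$
$(\mathcal{G}, \mathcal{A}_{\mathcal{X}}) \models \psi(z; h)$ iff $\mathit{outcome}(\mathcal{A}_{\mathcal{X}}(z))^{\mathcal{G}}_{\mathcal{A}_{\mathcal{X}}(h)} \models \psi$
$(\mathcal{G}, \mathcal{A}_{\mathcal{X}}) \models \Psi_1 \vee \Psi_2$ iff $(\mathcal{G}, \mathcal{A}_{\mathcal{X}}) \models \Psi_1$ or $(\mathcal{G}, \mathcal{A}_{\mathcal{X}}) \models \Psi_2$
$(\mathcal{G}, \mathcal{A}_{\mathcal{X}}) \models \exists z_i.\Psi$ iff $\exists \pi_i \in \Pi_i.\ (\mathcal{G}, \mathcal{A}_{\mathcal{X}}[z_i \leftarrow \pi_i]) \models \Psi$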

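For an ESL formula $\Psi$ we use $[\![\Psi]\!]$ to denote its set of satisfying assignments; that is, $[\![\Psi]\!] = \{(\mathcal{G}, \mathcal{A}_X) \mid X =
\mathit{free}(\Psi)$ and $(\mathcal{G}, \mathcal{A}_X) \models \Psi\}$. Given an ESL formula $\Psi$ and a game graph $\mathcal{G}$, we denote by $[\![\Psi]\!]_{\mathcal{G}}$ the assignments
$\mathcal{A}_X$ to the free variables in $\Psi$ such that $(\mathcal{G}, \mathcal{A}_X) \in [\![\Psi]\!]$.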

Before we show how $[\![\Psi]\!]_{\mathcal{G}}$ can be computed we show that ESL is strong enough to express the solution to the
rational-synthesis problems for the three solution concepts we study. 

4.2 Expressing Rational Synthesis 

We now show that the rational synthesis problem for the three solution concepts we study can be stated in ESL. 
We first state that a given strategy profile $y = (y_i)_{i \in I}$ is a solution concept on the game $\mathcal{G}_{y_0}$, that is, the game
induced by $\mathcal{G}$ when Agent 0 adheres to his strategy in $y$. We use $I_{-0}$ to denote the set $\{1, \ldots, n\}$, that is, the set of
all agents except for the system, which is Agent 0. Given a strategy profile $z = (z_i)_{i \in I}$ we use $(z_{-\{i,0\}}, y_i, y_0)$ to
denote the strategy profile where all agents but $i$ and 0 follow $z$ and agents $i$ and 0 follow $y_i$ and $y_0$, respectively.
For $i \in I$, let $\varphi_i$ be the objective of Agent $i$. For a solution concept $\gamma \in \{\mathrm{DS}, \mathrm{NASH}, \mathrm{SPE}\}$ and a strategy profile
$y = (y_i)_{i \in I}$ the formula $\Psi^{\gamma}(y)$, expressing that the profile $(y_i)_{i \in I_{-0}}$ is a solution with respect to $\gamma$ in $\mathcal{G}_{y_0}$, is
defined as follows. 

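• $\Psi^{\mathrm{DS}}(y) := \bigwedge_{i \in I_{-0}} \forall z.\ (\varphi_i(z_{-0}, y_0) \rightarrow \varphi_i(z_{-\{i,0\}}, y_i, y_0))$.

• $\Psi^{\mathrm{NASH}}(y) := \bigwedge_{i \in I_{-0}} \forall z_i.\ (\varphi_i(y_{-i}, z_i) \rightarrow \varphi_i(y))$.

• $\Psi^{\mathrm{SPE}}(y) := \forall h.\ \bigwedge_{i \in I_{-0}} \forall z_i.\ (\varphi_i(y_{-i}, z_i, h) \rightarrow \varphi_i(y, h))$.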

We can now state the existence of a solution to the rational-synthesis problem with input $\varphi_0, \ldots, \varphi_n$ by the
closed formula $\Phi^{\gamma} := \exists (y_i)_{i \in I}.\ (\varphi_0((y_i)_{i \in I}) \wedge \Psi^{\gamma}((y_i)_{i \in I}))$. Indeed, the formula specifies the existence of a
strategy profile whose outcome satisfies $\varphi_0$ and for which the strategies for the agents in $I_{-0}$ constitute a solution
with respect to $\gamma$ in the game induced by $y_0$.

4.3 ESL Decidability 

In order to solve the rational-synthesis problem we are going to use automata on infinite trees. Given a set D of 
directions, a $D$-tree is the set $D^*$. The elements in $D^*$ are the nodes of the tree. The node $\varepsilon$ is the root of the tree.
For a node $u \in D^*$ and a direction $d \in D$, the node $u \cdot d$ is the successor of $u$ with direction $d$. Given $D$ and an
alphabet $\Sigma$, a $\Sigma$-labeled $D$-tree is a pair $(D^*, \tau)$ such that $\tau : D^* \rightarrow \Sigma$ maps each node of $D^*$ to a letter in $\Sigma$.



An alternating parity tree automaton (APT) is a tuple $\mathcal{A} = (\Sigma, D, Q, \delta_0, \delta, \chi)$, where $\Sigma$ is the input alphabet,
$D$ is the directions set, $Q$ is a finite set of states, $\delta_0$ is the initial condition, $\delta$ is the transition relation and $\chi : Q \rightarrow
\{1, \ldots, k\}$ is the parity condition. The initial condition $\delta_0$ is a positive boolean formula over $Q$ specifying the
initial condition. For example, $(q_1 \vee q_2) \wedge q_3$ specifies that the APT accepts the input tree if it accepts it from state
$q_3$ as well as from $q_1$ or $q_2$. The transition function $\delta$ maps each state and letter to a boolean formula over $D \times Q$.
Thus, as with $\delta_0$, the idea is to allow the automaton to send copies of itself in different states. In $\delta$, the copies are
sent to the successors of the current node, thus each state is paired with the direction to which the copy should
proceed. Due to the lack of space, we refer the reader to [11] for the definition of runs and acceptance.

Base ESL formulas, of the form $\psi(z, h)$, refer to exactly one strategy variable for each agent, and one history
variable. The assignment for these variables can be described by a $(\Sigma \times \{\bot, \top\})$-labeled $\Sigma$-tree, where the $\Sigma$-
component of the labels is used in order to describe the strategy profile $\pi$ assigned to the strategy variable, and
the $\{\bot, \top\}$-component of the labels is used in order to label the tree by a unique finite path corresponding to the
history variable. We refer to a $(\Sigma \times \{\bot, \top\})$-labeled $\Sigma$-tree as a strategy-history tree. A node $u = d_0 d_1 \ldots d_k$ in
a strategy-history tree $(\Sigma^*, \tau)$ corresponds to a history of the play in which at time $0 \le j \le k$, the agents played
as recorded in $d_j$. A label $\tau(u) = (\sigma_0, \ldots, \sigma_n, \eta)$ of node $u$ describes (1) for each agent $i$, an action that the
strategy $\pi_i$ advises Agent $i$ to take when the history of the game so far is $u$, and (2) whether the node is along the
path corresponding to the history. Among the $|\Sigma|$ successors of $u$ in the strategy-history tree, only the successor
$u \cdot \tau(u)$ corresponds to a scenario in which all the agents adhere to their strategies in the strategy profile described
in $(\Sigma^*, \tau)$. We say that a path $\rho$ in $(\Sigma^*, \tau)$ is obedient if for all nodes $u \cdot d \in \rho$, for $u \in \Sigma^*$ and $d \in \Sigma$, we have
$d = \tau(u)$. Note that there is a single obedient path in every strategy tree. This path corresponds to the single play
in which all agents adhere to their strategies. The $\{\bot, \top\}$ labeling is legal if there is a unique finite path starting at
the root, all of whose nodes are marked with $\top$. Note that there is a single path in the tree whose prefix is marked
by $\top$'s and whose suffix is obedient.
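The strategy-history tree and its two checks (legal marking of the history, obedient suffix), as an added Python sketch that is not part of the paper. The two-agent action set, the sample strategies, the bounded depth used to inspect the infinite tree, and all function names are assumptions made for the example.

```python
from itertools import product

ACTIONS = (0, 1)                            # constructed: two agents, two actions each
SIGMA = tuple(product(ACTIONS, repeat=2))   # Sigma: joint actions, also the tree directions


def make_tau(strategies, w):
    """Labeling tau(u) = (joint action advised at history u, True iff u is a prefix of w)."""
    def tau(u):
        advised = tuple(strategy(u) for strategy in strategies)
        return advised, u == w[:len(u)]
    return tau


def nodes_up_to(depth):
    """All nodes of the Sigma-tree of length <= depth, as tuples of joint actions."""
    for k in range(depth + 1):
        yield from product(SIGMA, repeat=k)


def is_legal(tau, depth):
    """Bounded check that the marked nodes form one finite path starting at the root."""
    marked = {u for u in nodes_up_to(depth) if tau(u)[1]}
    if () not in marked:
        return False                        # the root must be marked
    for u in marked:
        if u and u[:-1] not in marked:
            return False                    # a marked node whose parent is unmarked
        if len(u) == depth:
            return False                    # path reaches the bound: finiteness not confirmed
        if sum(u + (d,) in marked for d in SIGMA) > 1:
            return False                    # the marking branches, so the path is not unique
    return True


def history(tau, depth):
    """The word spelled by the marked path (assumes the marking is legal)."""
    u = ()
    while len(u) < depth:
        marked_children = [u + (d,) for d in SIGMA if tau(u + (d,))[1]]
        if not marked_children:
            break
        u = marked_children[0]
    return u


def distinguished_path(tau, depth, length):
    """Follow the history, then take the obedient successor u . tau(u) up to the given length."""
    u = history(tau, depth)
    while len(u) < length:
        u = u + (tau(u)[0],)
    return u


def always_one(u):                          # constructed strategy for agent 0
    return 1


def copy_agent0(u):                         # agent 1 repeats agent 0's previous action
    return u[-1][0] if u else 0


def two_branches(u):                        # constructed illegal marking: two marked children
    return (0, 0), u in {(), ((0, 0),), ((1, 1),)}


STRATEGIES = (always_one, copy_agent0)
W = ((0, 0), (0, 1))                        # a history in which nobody followed the advice

if __name__ == "__main__":
    tau = make_tau(STRATEGIES, W)
    print(is_legal(tau, 3), distinguished_path(tau, 3, 4))
    print(is_legal(two_branches, 3))
```

The history itself need not be obedient: only the suffix after the last marked node is required to follow the advised actions.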

An ESL formula $\Psi$ may contain several base formulas. Therefore, $\Psi$ may contain, for each $i \in I$, several
strategy variables in $Z_i$ and several history variables in $H$. For $i \in I$, let $\{z_i^1, \ldots, z_i^{m_i}\}$ be the set of strategy
variables in $\Psi \cap Z_i$. Recall that each strategy variable $z_i^j \in Z_i$ corresponds to a strategy $\pi_i^j : \Sigma^* \rightarrow \Sigma_i$. Let
$\{h_1, \ldots, h_m\}$ be the set of history variables in $\Psi$. Recall that each history variable $h$ corresponds to a word in $\Sigma^*$,
which can be seen as a function $\Sigma^* \rightarrow \{\top, \bot\}$ labeling only that word with $\top$'s. Thus, we can describe an
assignment to all the variables in $\Psi$ by a $\Upsilon$-labeled $\Sigma$-tree, with $\Upsilon = \Sigma_0^{m_0} \times \Sigma_1^{m_1} \times \cdots \times \Sigma_n^{m_n} \times \{\bot, \top\}^m$.

We solve the rational synthesis problem using tree automata that run on $\Upsilon$-labeled $\Sigma$-trees. Note that the
specification of rational synthesis involves an external quantification of a strategy profile. We construct an
automaton U that accepts all trees that describe a strategy profile that meets the desired solution. A witness to the
nonemptiness of the automaton then induces the desired strategies.

We define U as an APT. Consider an ESL formula $\psi(z, h)$. Consider a strategy tree $(\Sigma^*, \tau)$. Recall that $\psi$
should hold along the path that starts at the root of the tree, goes through $h$, and then continues to $\mathit{outcome}(z)_h$.
Thus, adding history variables to strategy logic results in a memoryful logic [21], in which LTL formulas have to
be evaluated not along a path that starts at the present, but along a path that starts at the root and goes through
the present. The memoryful semantics imposes a real challenge on the decidability problem, as one has to follow
all the possible runs of a nondeterministic automaton for $\psi$, which involves a satellite implementing the subset
construction of this automaton [21]. Here, we use instead the $\{\bot, \top\}$-component of the label of $\tau$.

The definition of the APT $\mathcal{A}_\Psi$ for $[\![\Psi]\!]_{\mathcal{G}}$ works by induction on the structure of $\Psi$. At the base level, we have
formulas of the form $\psi(z, h)$, where $\psi$ is an LTL formula, $z$ is a strategy profile, and $h$ is a history variable. The
constructed automaton then has three tasks. The first task is to check that the $\{\bot, \top\}$ labeling is legal; i.e. there
is a unique path in the tree marked by $\top$'s. The second task is to detect the single path that goes through $h$ and
continues from $h$ according to the strategy profile $z$. The third task is to check that this path satisfies $\psi$. The
inductive steps then build on APT complementation, intersection, union and projection [26]. In particular, as in
strategy logic, quantification over a strategy variable for agent $i$ is done by "projecting out" the corresponding $\Sigma_i$
label from the tree. That is, given an automaton $\mathcal{A}$ for $\Psi$, the automaton for $\exists z_i.\Psi$ ignores the $\Sigma_i$ component that
refers to $z_i$ and checks $\mathcal{A}$ on a tree where this component is guessed. The quantification over history variables is
similar. Given an automaton $\mathcal{A}$ for $\Psi$, the automaton for $\exists h.\Psi$ ignores the $\{\bot, \top\}$ part of the label that corresponds
to $h$ and checks $\mathcal{A}$ on a tree where the $\{\bot, \top\}$ part of the label is guessed.



Theorem 4.1 Let $\Psi$ be an ESL formula over $\mathcal{G}$. Let $d$ be the alternation depth of $\Psi$. We can construct an APT
$\mathcal{A}_\Psi$ such that $\mathcal{A}_\Psi$ accepts $[\![\Psi]\!]_{\mathcal{G}}$ and its emptiness can be checked in time $(d + 1)$-EXPTIME in the size of $\Psi$.



4.4 Solving Rational Synthesis 

We can now reduce rational-synthesis to APT emptiness. 

Theorem 4.2 The LTL rational-synthesis problem is 2EXPTIME-complete for the solution concepts of dominant 
strategy, Nash equilibrium, and subgame-perfect equilibrium. 

Proof: We have shown in Section 4.2 that the rational-synthesis problem for $\gamma \in \{\mathrm{DS}, \mathrm{NASH}, \mathrm{SPE}\}$ can be
specified by an ESL formula $\Phi^{\gamma}$ with one alternation. It follows from Theorem 4.1 that we can construct an APT
accepting $[\![\Phi^{\gamma}]\!]_{\mathcal{G}}$ (where $\mathcal{G}$ is as defined in Section 3) whose emptiness can be solved in 2EXPTIME. Hence, the
problem is in 2EXPTIME.

Hardness in 2EXPTIME follows easily from the 2EXPTIME-hardness of LTL synthesis [34]. Indeed,
synthesis against a hostile environment can be reduced to rational synthesis against an agent whose objective is true.

□ 

Remark 4.3 In the above we have shown how to solve the problem of rational synthesis. It is easy to extend our 
algorithm to solve the problem of rational control, where one needs to control a system in a way it would satisfy 
its specification assuming its environment consists of rational agents whose objectives are given. Technically, the 
control setting induces the game to start with, thus the strategy trees are no longer $\Sigma$-trees, and rather they are
$(S \times \Sigma)$-trees, where $S$ is the state space of the system we wish to control.



5 Solution in the Multi-Valued Setting

As discussed in Section 1, classical applications of game theory consider games with quantitative payoffs. The
extension of the synthesis problem to the rational setting calls also for an extension to the quantitative setting.
Unfortunately, the full quantitative setting is undecidable already in the context of model checking. In this
section we study a decidable fragment of the quantitative rational synthesis problem: the payoffs are taken from
finite De-Morgan lattices. A lattice $(A, \le)$ is a partially ordered set in which every two elements $a, b \in A$ have
a least upper bound ($a$ join $b$, denoted $a \vee b$) and a greatest lower bound ($a$ meet $b$, denoted $a \wedge b$). A lattice is
distributive if for every $a, b, c \in A$, we have $a \wedge (b \vee c) = (a \wedge b) \vee (a \wedge c)$. De-Morgan lattices are distributive
lattices in which every element $a$ has a unique complement element $\neg a$ such that $\neg\neg a = a$, De-Morgan rules
hold, and $a \le b$ implies $\neg b \le \neg a$. Many useful payoffs are taken from finite De-Morgan lattices: all payoffs that
are linearly ordered, payoffs corresponding to subsets of some set, payoffs corresponding to multiple view-points,
and more.

We specify qualitative specifications using the temporal logic latticed LTL (LLTL, for short), where the truth
value of a specification is an element in a lattice. For a strategy profile $\pi$ and an LLTL objective $\varphi_i$ of Agent $i$, the
payoff of Agent $i$ in $\pi$ is the truth value of $\varphi_i$ in $\mathit{outcome}(\pi)$. A synthesizer would like to find a profile $\pi$ in which
$\mathit{payoff}_0(\pi)$ is as high as possible. Accordingly, we define the latticed rational synthesis as follows.

Definition 5.1 (Latticed Rational Synthesis) Consider a solution concept $\gamma$. The problem of latticed rational
synthesis (with solution concept $\gamma$) is to return, given LLTL formulas $\varphi_0, \ldots, \varphi_n$ and a lattice value $v \in L$, a
strategy profile $\pi = (\pi_0, \pi_1, \ldots, \pi_n) \in \Pi_0 \times \Pi_1 \times \cdots \times \Pi_n$ such that (a) $\mathit{payoff}_0(\pi) \ge v$ and (b) the strategy
profile $(\pi_1, \ldots, \pi_n)$ is a solution in the game $\mathcal{G}_{\pi_0}$ with respect to the solution concept $\gamma$.

In the Boolean setting, we reduced the rational-synthesis problem to decidability of ESL. The decision
procedure for ESL is based on the automata-theoretic approach, and specifically on APTs. In the lattice setting,
automata-theoretic machinery is not as developed as in the Boolean case. Consequently, we restrict attention to
LLTL specifications that can be translated to deterministic latticed Büchi word automata (LDBW), and to the
solution concept of Nash equilibrium.



A Büchi acceptance condition specifies a subset $F$ of the states, and an infinite sequence of states satisfies the condition if it visits $F$
infinitely often. A generalized Büchi condition specifies several such sets, all of which should be visited infinitely often.



An LDBW can be expanded into a deterministic latticed Büchi tree automaton (LDBT), which is the key
behind the analysis of strategy trees. It is not hard to lift to the latticed setting almost all the other operations on
tree automata that are needed in order to solve rational synthesis. An exception is the problem of emptiness. In
the Boolean case, tree-automata emptiness is reduced to deciding a two-player game [12]. Such games are played
between an $\vee$-player, who has a winning strategy iff the automaton is not empty (essentially, the $\vee$-player chooses
the transitions with which the automaton accepts a witness tree), and a $\wedge$-player, who has a winning strategy
otherwise (essentially, the $\wedge$-player chooses a path in the tree that does not satisfy the acceptance condition). A
winning strategy for the $\vee$-player induces a labeled tree accepted by the tree automaton.

In latticed games, deciding a game amounts to finding a lattice value $l$ such that the $\vee$-player can force the
game to computations in which his payoff is at least $l$. The value of the game need not be achieved by a single
strategy and algorithms for analyzing latticed games consider values that emerge as the join of values obtained
by following different strategies [16, 36]. A labeled tree, however, relates to a single strategy. Therefore, the
emptiness problem for latticed tree automata, to which the latticed rational synthesis is reduced, cannot be reduced
to solving latticed games. Instead, one has to consider the single-strategy variant of latticed games, namely the
problem of finding values that the $\vee$-player can ensure by a single strategy. We address this problem below.

Theorem 5.2 Consider a latticed Büchi game $G$. Given a lattice element $l$, we can construct a Boolean generalized-
Büchi game $G_l$ such that the $\vee$-player can achieve value greater or equal $l$ in $G$ using a single strategy iff the
$\vee$-player wins in $G_l$. The size of $G_l$ is bounded by $|G| \cdot |L|^2$ and $G_l$ has at most $|L|$ acceptance sets.

Using Theorem 5.2, we can solve the latticed rational synthesis problem in a fashion similar to the one we used
in the Boolean case. We represent strategy profiles by $\Sigma$-labeled $\Sigma$-trees, and sets of profiles by tree automata.
We construct two Boolean generalized-Büchi tree automata. The first, denoted $\mathcal{A}_0$, for the language of all profiles
$\pi$ in which $\mathit{payoff}_0(\pi) \ge v$, and the second, denoted $\mathcal{A}_N$, for the language of all Nash equilibria. The intersection
of $\mathcal{A}_0$ and $\mathcal{A}_N$ then contains all the solutions to the latticed rational synthesis problem. Thus, solving the problem
amounts to returning a witness to the nonemptiness of the intersection, and we have the following.

Theorem 5.3 The latticed rational-synthesis problem for objectives in LDBW and the solution concept of Nash 
equilibrium is in EXPTIME. 

We note that the lower complexity with respect to the Boolean setting (Theorem 4.2) is only apparent, as the
objectives are given in LDBWs, which are less succinct than LLTL formulas [15, 20].

6 Discussion 

We introduced rational synthesis — synthesizing a system that functions in a rational environment. As in
traditional synthesis, one cannot control the agents that constitute the environment. Unlike traditional synthesis, the
agents have objectives, we can suggest a strategy for each agent, and we can assume that rational agents follow
strategies they have no incentive to deviate from.

The solution of the rational synthesis problem relies on an extension of strategy logic [7]. The modularity of
our solution separates the game-theoretic considerations and the synthesis technique. Indeed our technique can
be applied to any solution concept that can be expressed in extended strategy logic. We show that for the
common solution concepts of dominant strategies equilibrium, Nash equilibrium, and subgame perfect equilibrium,
rational synthesis has the same complexity as traditional synthesis. The versatility of the extended logic enables
many extensions of the setting. For example, one can associate different solution concepts with different
sub-specifications. In particular, it is often desirable in practice to ensure that some properties of the system hold
regardless of the rationality of the agents. This can be done by letting the specifier specify, in addition to $\varphi_0$, also
an LTL formula $\varphi'$ (typically $\varphi_0 \rightarrow \varphi'$) that should be satisfied in the traditional synthesis interpretations, namely
in all environments.

References 

[1] B. Aminof, O. Kupferman, and R. Lampert. Reasoning about online algorithms with weighted automata. In Proc. 20th 
SODA, pages 835-844, 2009. 



[2] P.C. Attie, A. Arora, and E.A. Emerson. Synthesis of fault-tolerant concurrent programs. TOPLAS, 26:128-185, 2004.

[3] A. Chakrabarti, K. Chatterjee, T.A. Henzinger, O. Kupferman, and R. Majumdar. Verifying quantitative properties 
using bound functions. In Proc. 13th CHARME, LNCS 3725, pages 50-64, 2005. 

[4] K. Chatterjee, L. Doyen, and T. Henzinger. Quantitative languages. In Proc. 17th CSL, LNCS 5213, pages 385-400,
2008. 

[5] K. Chatterjee, T. Henzinger, and B. Jobstmann. Environment assumptions for synthesis. In Proc. 19th CONCUR, 
LNCS 5201, pages 147-161, 2008. 

[6] K. Chatterjee, T. Henzinger, and M. Jurdzinski. Games with secure equilibria. Theoretical Computer Science, 2006. 

[7] K. Chatterjee, T. A. Henzinger, and N. Piterman. Strategy logic. In 18th CONCUR, LNCS, pages 59-73, 2007. 

[8] K. Chatterjee and T.A. Henzinger. Assume-guarantee synthesis. In Proc. 13th TACAS, LNCS 4424, pages 261-275, 
2007. 

[9] K. Chatterjee, R. Majumdar, and M. Jurdzinski. On Nash equilibria in stochastic games. In Proc. 13th CSL, LNCS 
3210, pages 26-40, 2004. 

[10] A. Church. Logic, arithmetics, and automata. In Proc. Int. Congress of Mathematicians, 1962, pages 23-35, 1963. 

[11] E. Grädel, W. Thomas, and T. Wilke. Automata, Logics, and Infinite Games: A Guide to Current Research, LNCS
2500, 2002. 

[12] Y. Gurevich and L. Harrington. Trees, automata, and games. In Proc. 14th STOC, pages 60-65, 1982. 

[13] A. Gurfinkel and M. Chechik. Multi-valued model-checking via classical model-checking. In 14th CONCUR, LNCS 
2761, pages 263-277, 2003. 

[14] B. Jobstmann, A. Griesmayer, and R. Bloem. Program repair as a game. In Proc. 17th CAV, LNCS 3576, pages
226-238, 2005.

[15] O. Kupferman and Y. Lustig. Lattice automata. In Proc. 8th VMCAI, LNCS 4349, pages 199-213, 2007.

[16] O. Kupferman and Y. Lustig. Latticed simulation relations and games. In 5th ATVA, LNCS 4762, pages 316-330, 
2007. 

[17] O. Kupferman, N. Piterman, and M.Y. Vardi. Safraless compositional synthesis. In Proc. 18th CAV, LNCS 4144, pages
31-44, 2006.

[18] O. Kupferman and M.Y. Vardi. Synthesizing distributed systems. In Proc. 16th LICS, pages 389-398, 2001.

[19] O. Kupferman and M.Y. Vardi. Safraless decision procedures. In Proc. 46th FOCS, pages 531-540, 2005.

[20] O. Kupferman and M.Y. Vardi. From linear time to branching time. TOCL, 6(2):273-294, 2005.

[21] O. Kupferman and M.Y. Vardi. Memoryful branching-time logics. In Proc. 21st LICS, pages 265-274, 2006. 

[22] O. Kupferman and M.Y. Vardi. Weak alternating automata and tree automata emptiness. In Proc. 30th STOC, pages 
224-233, 1998. 

[23] Y. Lustig and M.Y. Vardi. Synthesis from component libraries. In Proc. 12th FOSSACS, LNCS 5504, pages 395-409, 
2009. 

[24] Z. Manna and A. Pnueli. The Temporal Logic of Reactive and Concurrent Systems: Specification. Springer, 1992. 

[25] R. van der Meyden and T. Wilke. Synthesis of distributed systems from knowledge-based specifications. In 16th 
CONCUR, LNCS 3653, pages 562-576, 2005. 

[26] D.E. Muller and P.E. Schupp. Alternating automata on infinite trees. Theoretical Computer Science, 54:267-276, 1987.

[27] J.F. Nash. Equilibrium points in n-person games. In Proceedings of the National Academy of Sciences of the United
States of America, 1950. 

[28] N. Nisan and A. Ronen. Algorithmic mechanism design. In Proc. 31st STOC, pages 129-140, 1999. 

[29] N. Nisan, T. Roughgarden, E. Tardos, and V. V. Vazirani. Algorithmic Game Theory. Cambridge University Press, 
2007. 

[30] M. J. Osborne and A. Rubinstein. A Course in Game Theory. The MIT Press, 1994. 




Figure 1: A game, two Nash equilibria and one subgame-perfect equilibrium.



[31] A. Pnueli. The temporal logic of programs. In Proc. 18th FOCS, pages 46-57, 1977. 

[32] A. Pnueli and R. Rosner. On the synthesis of a reactive module. In Proc. 16th POPL, pages 179-190, 1989. 

[33] P.J.G. Ramadge and W.M. Wonham. The control of discrete event systems. IEEE Transactions on Control Theory, 
77:81-98, 1989. 

[34] R. Rosner. Modular Synthesis of Reactive Systems. PhD thesis, Weizmann Institute of Science, 1992. 

[35] R. Selten. Reexamination of the perfectness concept for equilibrium points in extensive games. International Journal 
of Game Theory, 4(1):25-55, March 1975.

[36] S. Shoham and O. Grumberg. Multi-valued model checking games. In Proc. 3rd ATVA, LNCS 3707, pages 354-369,
2005. 

[37] M. Ummels. Rational behaviour and strategy construction in infinite multiplayer games. In Proc. 26th FSTTCS, LNCS 
4337, pages 212-223, 2006. 

[38] M.Y. Vardi and P. Wolper. Reasoning about infinite computations. Information and Computation, 115(1):1-37, 1994.

A Proofs 

A.1 Proof of Theorem 4.1

The construction proceeds by induction on the structure of $\Psi$. Note that while the APT is defined with respect to
$\Upsilon$-labeled $\Sigma$-trees, a base formula $\psi(z, h)$ focuses on a $(\Sigma \times \{\bot, \top\})$ projection of the label (the one assigning
values to the variables in $z$ and $h$). We describe here in detail the base case, where $\Psi = \psi(z, h)$. The case
where $\Psi = \psi(h)$ can be derived from the case $\Psi = \psi(z, h)$ by checking in addition that only the root is labeled
$\top$. The cases where $\Psi$ is of the form $\Psi_1 \vee \Psi_2$, $\neg\Psi_1$, $\exists z_i.\Psi_1$, and $\exists h.\Psi_1$ follow from the closure of APTs to union,
complementation, and projection.

The complexity analysis follows from the fact that the automaton for $\psi(z, h)$ is exponential in $\psi$, and each
sequence of quantifiers that increases the alternation depth by one involves an exponential blow up in the state
space and a polynomial blow up in the index [26]. Thus, the number of states in $\mathcal{A}_\Psi$ is $(d + 1)$-exponential in $\Psi$
and the index of $\mathcal{A}_\Psi$ is polynomial (of degree $d$) in $\Psi$, where $d$ is the alternation depth of $\Psi$. Since the projection
operation results in a nondeterministic (rather than an alternating) tree automaton, the emptiness check when the
last operation is projection does not involve an additional exponential blow up.

Let $\Psi = \psi(z, h)$. Given an LTL formula $\psi$, one can construct an APT $\mathcal{A}_\psi$ with $2^{O(|\psi|)}$ states and index 3
such that $\mathcal{A}_\psi$ accepts all trees all of whose paths satisfy $\psi$ [38]. Let $\mathcal{A}_\psi = (\Sigma, \Sigma, Q, \delta^0, \delta, \chi)$. For the first and
second tasks we use four states $q_{his}$, $q_{fut}$, $q_{acc}$, and $q_{rej}$. The automaton $\mathcal{A}_\Psi$ starts by sending two copies, one at
the initial state of $\mathcal{A}_\psi$ and one at $q_{his}$. The copy in state $q_{his}$ follows the history, i.e. the path marked with $\top$
labels. When it reads a node with a $\bot$ label, marking that the history ends and the future begins, it moves to the
state $q_{fut}$. From the state $q_{fut}$, this copy checks that the agents adhere to the strategy. If a violation of the strategy
is detected, the copy concludes that $\psi$ need not be evaluated along the path it traversed and moves to $q_{acc}$. If
another $\top$ has been read, the copy concludes that the $\{\top, \bot\}$-component is illegal and moves to $q_{rej}$. Formally,
$\mathcal{A}_\Psi = (\Sigma \times \{\bot, \top\}, \Sigma, Q \cup \{q_{his}, q_{fut}, q_{acc}, q_{rej}\}, \delta^0 \wedge q_{his}, \nu, \chi')$, where for every $\sigma \in \Sigma$, $\eta \in \{\bot, \top\}$, the transition
function $\nu$ is defined as follows. Note that the alphabet of $\mathcal{A}_\Psi$ is $\Upsilon$, rather than $\Sigma \times \{\bot, \top\}$. Since, however, base
formulas refer to a single strategy profile and history variable, we restrict attention to the relevant components of
the input alphabet.



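• $\nu(q_{acc}, \langle\sigma, \eta\rangle) = q_{acc}$ and $\nu(q_{rej}, \langle\sigma, \eta\rangle) = q_{rej}$.

• For every $q \in Q$, we have $\nu(q, \langle\sigma, \eta\rangle) = \delta(q, \sigma)$.

• $\nu(q_{his}, \langle\sigma, \bot\rangle) = \bigwedge_{d \in \Sigma} (d, q_{fut})$.

• $\nu(q_{his}, \langle\sigma, \top\rangle)$ = V dgS A /\d'ez\{d}( d ' '»

• $\nu(q_{fut}, \langle\sigma, \top\rangle) = \bigwedge_{d \in \Sigma} (d, q_{rej})$.

• $\nu(q_{fut}, \langle\sigma, \bot\rangle) = \bigwedge_{d \in \Sigma} \big(\bigwedge_{d = \sigma} (d, q_{fut}) \wedge \bigwedge_{d \neq \sigma} (d, q_{acc})\big)$.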

The parity condition is such that $\chi'(q) = \chi(q)$ for every $q \in Q$ and for the other states we have $\chi'(q_{acc}) = 0$,
$\chi'(q_{rej}) = 1$, $\chi'(q_{his}) = 1$, and $\chi'(q_{fut}) = 0$.

It is easy to see that a tree $(\Sigma^*, \tau)$ is accepted by $\mathcal{A}_\Psi$ iff there is a word $w \in \Sigma^*$ such that for every prefix $u$ of
$w$ the node $u$ is labeled $(\sigma, \top)$ for some $\sigma \in \Sigma$ and $\mathit{outcome}(\tau)_w \models \psi$. The number of states of $\mathcal{A}_\Psi$ is exponential
in $\psi$ and its index is 3.

A.2 Proof of Theorem 5.2

Consider a lattice $L$. An element $x \in L$ is join irreducible if for all $y, z \in L$ we have $x \le y \vee z$ implies $x \le y$
or $x \le z$. Given $l$, we define the game $G_l$ as follows. Let $X_l = \{x \in JI(L) \mid x \le l\}$ be the set of join irreducible
elements smaller than $l$. By Birkhoff's representation theorem, a strategy ensures a value greater or equal $l$ iff for
every $x \in X_l$ the strategy ensures a value greater or equal $x$.

By the analysis in [16], the value of a latticed play $\rho$ in a game $G$ can be decomposed into three values: the
acceptance value $\mathit{acc}(\rho)$, and two values $r^{\vee}$ and $r^{\wedge}$ that have to do with value relinquished by the $\vee$-player and the
$\wedge$-player during the play, respectively. Furthermore, the values $r^{\vee}$ and $r^{\wedge}$ are the limits of the sequences $\{r_i^{\vee}\}_{i=0}^{\infty}$
and $\{r_i^{\wedge}\}_{i=0}^{\infty}$ where for every $i \ge 0$ the values of $r_i^{\vee}$ and $r_i^{\wedge}$ depend on the $i$-long prefix of the play $\rho$.

The idea underlying the reduction is to consider a Boolean game in which the values from the latticed game are
made explicit by the structure of the game graph. Formally, for a latticed game $G = \langle V, E \rangle$ with $V = V_{\vee} \cup V_{\wedge}$
and an $L$-Büchi condition $F \in L^V$, we define a Boolean generalized-Büchi game $G_l = \langle V', E' \rangle$ as follows. The
state space $V' = V \times L \times L$ is such that in a state $(u, x, y) \in V \times L \times L$, we have that $u$ stands for a state in $G$,
the value $x$ stands for the $\vee$-relinquished value $r^{\vee}$, and the value $y$ stands for the $\wedge$-relinquished value $r^{\wedge}$.

Let $G = \langle V, E \rangle$ be a latticed game with an $L$-Büchi condition $F \in L^V$ and initial vertex $v_0 \in V$. The
simplification of $G$ for $l \in L$, denoted $G_l$, is the Boolean game $G_l = \langle V', E' \rangle$ where $V' = V \times L \times L$, and the
partition of $V'$ and $E'$ is defined as follows. First, $V'_{\vee} = V_{\vee} \times L \times L$ and $V'_{\wedge} = V_{\wedge} \times L \times L$ (note that even though
$G_l$ is Boolean, we keep the names $\vee$-player and $\wedge$-player). The initial vertex is $(v_0, \top, \bot)$. In order to define the
edges we introduce the following notation. For $u, u' \in V$ and $x, y \in L$ the $u'$-successor of $(u, x, y)$ is $(u', x', y')$,
where either $u \in V_{\vee}$ in which case $x' = x \wedge (\ \ \vee y)$ and $y' = y$, or $u \in V_{\wedge}$ in which case $x' = x$ and
$y' = y \vee (E(u, u') \wedge x)$. Now, $E' = \{((u, x, y), (u', x', y')) \mid (u', x', y')$ is the $u'$-successor of $(u, x, y)\}$.

It is left to define the generalized-Büchi condition. In order to ensure the value $l \in L$, the $\vee$-player must
"collect" every value $x \in X_l$ either as a value relinquished by the $\wedge$-player or by the acceptance value $\mathit{acc}$. For
that, we define, for each $x \in X_l$, a set $F_x$ in the generalized-Büchi condition. We define $F_x = (V \times L \times \{y \in
L \mid y \ge x\}) \cup (\{u \in V \mid F(u) \ge x\} \times \{y \in L \mid y \ge x\} \times L)$. The first component stands for states in which the
$\wedge$-player relinquished $x$, and the second component stands for states in which both the acceptance value is greater
than $x$ and $x$ was not relinquished by the $\vee$-player in the past. Now, the generalized-Büchi acceptance condition
is $F' = \{F_x \mid x \in X_l\}$.

Assume first there exists a single strategy $\pi$ in $G$ ensuring value greater or equal $l$. Every strategy $\pi$ for $G$
(for either player) induces a strategy $\pi'$ in $G_l$ in which $\pi'((u_0, x_0, y_0), \ldots, (u_n, x_n, y_n))$ is the $\pi(u_0, \ldots, u_n)$-
successor of $(u_n, x_n, y_n)$. Consider a $\vee$-player strategy $\pi$ that ensures value greater or equal $l$. We show that $\pi'$ is
winning in $G_l$. It is not hard to see that a play $\rho' = (u_0, x_0, y_0) \cdots (u_n, x_n, y_n) \cdots$ consistent with $\pi'$ corresponds
to a play $\rho = u_0 \ldots u_n \ldots$ consistent with $\pi$. Furthermore, for every $i \ge 0$, we have $x_i = r_i^{\vee}$ and $y_i = r_i^{\wedge}$. Since
$\pi$ ensures value $l$ in $G$, the value of $\rho$ is greater or equal $l$, and therefore, for every join irreducible $x \in X_l$ we have
$\mathit{val}(\rho) \ge x$. Thus, either there exists an index $i$ from which $r_i^{\wedge} \ge x$ or for infinitely many $i$'s we have $F(u_i) \ge x$
and $r_i^{\vee} \ge x$. Both cases imply that the set $F_x$ is traversed infinitely often. Thus the play $\rho'$ is winning for the
$\vee$-player in $G_l$.

Assume now that $\pi'$ is a winning strategy for the $\vee$-player in $G_l$. The strategy $\pi'$ induces a $\vee$-player strategy $\pi$
in $G$ in the following way: Every prefix of a play $\rho = u_0, u_1, \ldots, u_n$ in $G$ induces the prefix of a play $\rho' =
(u_0, \top, \bot), (u_1, x_1, y_1), \ldots, (u_n, x_n, y_n)$, where for every $i > 0$, we have that $(u_i, x_i, y_i)$ is the $u_i$-successor of
$(u_{i-1}, x_{i-1}, y_{i-1})$. We define $\pi(\rho)$ to be the state $u$ for which $\pi'(\rho')$ is $(u, x, y)$. It is not hard to see that for a
play $\rho$ in $G$ consistent with $\pi$, and for every $i \ge 0$, we have $x_i = r_i^{\vee}$ and $y_i = r_i^{\wedge}$. As $\pi'$ is winning in $G_l$, we get
that for every $x \in X_l$ we have $\mathit{val}(\rho) \ge x$, and therefore $\mathit{val}(\rho) \ge l$.
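The role of join-irreducible elements in the proof above, and the gap noted in Section 5 between the join of several strategies' values and what one strategy ensures, as an added Python example that is not code from the paper. It follows the definition of join irreducible given above (so the bottom element qualifies vacuously); the three sample lattices and all function names are constructed for illustration.

```python
from itertools import product


class FiniteLattice:
    """A finite lattice given by its elements and its order: leq(a, b) means a <= b."""

    def __init__(self, elements, leq):
        self.elements = list(elements)
        self.leq = leq

    @staticmethod
    def _extreme(candidates, before):
        best = [c for c in candidates if all(before(c, d) for d in candidates)]
        if len(best) != 1:
            raise ValueError("the order is not a lattice")
        return best[0]

    def join(self, a, b):
        """Least upper bound of a and b."""
        ups = [c for c in self.elements if self.leq(a, c) and self.leq(b, c)]
        return self._extreme(ups, lambda c, d: self.leq(c, d))

    def meet(self, a, b):
        """Greatest lower bound of a and b."""
        lows = [c for c in self.elements if self.leq(c, a) and self.leq(c, b)]
        return self._extreme(lows, lambda c, d: self.leq(d, c))

    def join_all(self, values):
        """Join of a non-empty collection of values."""
        values = list(values)
        result = values[0]
        for v in values[1:]:
            result = self.join(result, v)
        return result

    def is_distributive(self):
        return all(self.meet(a, self.join(b, c)) == self.join(self.meet(a, b), self.meet(a, c))
                   for a, b, c in product(self.elements, repeat=3))

    def join_irreducibles(self):
        """Elements x such that x <= y v z implies x <= y or x <= z (definition above)."""
        return {x for x in self.elements
                if all(self.leq(x, y) or self.leq(x, z)
                       for y, z in product(self.elements, repeat=2)
                       if self.leq(x, self.join(y, z)))}

    def below(self, l):
        """X_l: the join-irreducible elements x with x <= l."""
        return {x for x in self.join_irreducibles() if self.leq(x, l)}


def ensures(lat, guaranteed, l):
    """Per-element test from the proof: every x in X_l lies below the guaranteed value."""
    return all(lat.leq(x, guaranteed) for x in lat.below(l))


def birkhoff_agrees(lat):
    """True iff 'v >= l' coincides with 'v >= x for every x in X_l' on all pairs (v, l)."""
    return all(lat.leq(l, v) == ensures(lat, v, l)
               for v, l in product(lat.elements, repeat=2))


def join_versus_single(lat, per_strategy_values, l):
    """(the join of all strategies' values reaches l, some single strategy reaches l)."""
    joined = lat.leq(l, lat.join_all(per_strategy_values))
    single = any(ensures(lat, v, l) for v in per_strategy_values)
    return joined, single


# Constructed lattices: subsets of two viewpoints, divisors of 12, and the
# non-distributive "diamond" with three incomparable middle elements.
VIEWS = FiniteLattice([frozenset(s) for s in ((), "a", "b", "ab")], lambda x, y: x <= y)
DIV12 = FiniteLattice([1, 2, 3, 4, 6, 12], lambda x, y: y % x == 0)
M3 = FiniteLattice(["bot", "a", "b", "c", "top"],
                   lambda x, y: x == y or x == "bot" or y == "top")

if __name__ == "__main__":
    print(sorted(DIV12.below(6)), birkhoff_agrees(DIV12), birkhoff_agrees(M3))
    # Two strategies guarantee {a} and {b}: their join is {a, b}, yet neither reaches it alone.
    print(join_versus_single(VIEWS, [frozenset("a"), frozenset("b")], frozenset("ab")))
```

On the non-distributive lattice the per-element test wrongly accepts, which is why the reduction needs a distributive lattice.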

A.3 Proof of Theorem 5.3

Approaching the problem in a fashion similar to the one we used in the Boolean case, we represent strategy
profiles by $\Sigma$-labeled $\Sigma$-trees, and sets of profiles by tree automata. We construct two Boolean tree automata.
The first, denoted $\mathcal{A}_0$, for the language of all profiles $\pi$ in which $\mathit{payoff}_0(\pi) \ge v$, and the second, denoted $\mathcal{A}_N$,
for the language of all Nash equilibria. It is not hard to see that the intersection of $\mathcal{A}_0$ and $\mathcal{A}_N$ contains all the
solutions to the latticed rational synthesis problem. Thus, solving the problem amounts to returning a witness to
the nonemptiness of the intersection.

For the purposes of complexity analysis, we denote by $s_i$ the size of the LDBW for the $i$-th agent specification,
by $s = \max\{s_i\}$ the maximal $s_i$, and by $m = |L|$ the size of the lattice.

We first construct $\mathcal{A}_0$. As in the Boolean case, we first construct an LDBT $\mathcal{A}'$ that maps a strategy profile $\pi$ to
$\mathit{payoff}_0(\pi)$. Using Theorem 5.2, we can construct from $\mathcal{A}'$ the required Boolean tree automaton $\mathcal{A}_0$. To see how,
note that the generalized-Büchi game involved has a very uniform structure. From every $\vee$-vertex, the $\vee$-player
has exactly one choice associated with each $\sigma \in \Sigma$. (This property is inherited from the latticed game which in
turn inherits it from the fact that the alphabet of $\mathcal{A}'$ is $\Sigma$.) A similar property holds for the $\wedge$-player (this property
is inherited from the fact that $\mathcal{A}'$ runs on $\Sigma$-trees). Therefore, the generalized-Büchi game can be reduced, using
standard techniques, to a generalized-Büchi tree automaton $\mathcal{A}_0$. The size of $\mathcal{A}'$ is $s_0 \cdot m^2$ and the number of
acceptance sets in its generalized Büchi condition is bounded by $m$.

We now turn to build an automaton for Nash equilibria $\mathcal{A}_N$. We construct $\mathcal{A}_N$ as an intersection of $n$ automata
$\{\mathcal{A}_N^i\}_{i=1}^{n}$, where the language of $\mathcal{A}_N^i$ is the set of the profiles that satisfy $\mathit{payoff}_i(\pi_{-i}, \pi'_i) \le \mathit{payoff}_i(\pi)$. By
Birkhoff's representation theorem, an equivalent criterion would be that for every join irreducible element $j \in
JI(L)$, we have $\mathit{payoff}_i(\pi_{-i}, \pi'_i) \ge j \rightarrow \mathit{payoff}_i(\pi) \ge j$. Given an LDBW for $\varphi_i$, it is not hard to construct
LDBTs for $\mathit{payoff}_i(\pi_{-i}, \pi'_i)$ and $\mathit{payoff}_i(\pi)$. For every join irreducible element $j \in JI(L)$ we would like to make
sure that $\mathit{payoff}_i(\pi_{-i}, \pi'_i) \ge j \rightarrow \mathit{payoff}_i(\pi) \ge j$. To that end, we use the construction of the Boolean game
$G_j$ in the proof of Theorem 5.2. Recall that in the game $G_j$, the value $x$ is obtained by a single strategy iff the
acceptance set $F_x$ is visited infinitely often. Thus, for a specific agent $i \le n$, and a join irreducible element
$j \in JI(L)$, we can construct a Boolean Büchi tree automaton $\mathcal{B}_j^i$, of size $O(s_i \cdot m^2)$, that accepts exactly the
trees encoding profiles for which $\mathit{payoff}_i(\pi) \ge j$. In a similar way, we can construct a tree automaton $\mathcal{C}_j^i$, of
similar size, that accepts trees encoding profiles for which $\mathit{payoff}_i(\pi_{-i}, \pi'_i) \ge j$. Combining $\mathcal{B}_j^i$ and $\mathcal{C}_j^i$ we can
get a Streett automaton $\mathcal{A}_j^i$ that accepts profiles for which $\mathit{payoff}_i(\pi_{-i}, \pi'_i) \ge j \rightarrow \mathit{payoff}_i(\pi) \ge j$. The size
of $\mathcal{A}_j^i$ is $O(s_i^2 \cdot m^4)$, and it has one Streett pair. Note that for a fixed $i$, the automata $\mathcal{A}_j^i$ share their structure
and only differ in the acceptance condition. Therefore, for a fixed $i \le n$, we can construct an automaton $\mathcal{A}_N^i$, of
size $O(s_i^2 \cdot m^4)$ and with $O(m)$ pairs, that accepts profiles for which $\mathit{payoff}_i(\pi_{-i}, \pi'_i) \ge j \rightarrow \mathit{payoff}_i(\pi) \ge j$
for every join irreducible element $j \in JI(L)$. By intersecting the automata $\mathcal{A}_N^i$ we get an automaton $\mathcal{A}_N$ of size
$(s \cdot m)^{O(n)}$, with $O(m \cdot n)$ pairs.

The intersection of $\mathcal{A}_0$ and $\mathcal{A}_N$ is a Streett automaton of size $(s \cdot m)^{O(n)}$ and with $O(m \cdot n)$ pairs. Its emptiness
can then be checked in time $(s \cdot m)^{O(m \cdot n)}$ [22], and we are done.



